httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Ames <>
Subject Re: DoS with mod_deflate & range requests
Date Tue, 23 Aug 2011 21:00:34 GMT
On Tue, Aug 23, 2011 at 3:32 PM, William A. Rowe Jr. <>wrote:

> I suggest we should be parsing and reassembling the list before we
> start the bucket logic.

> I propose we satisfy range requests in the only sensible manner, returning
> the ranges in sequence,

yeah, overlapping ranges should be merged up front. That ought to completely
fix the issue.

fwiw, I played with the script to create the attack and noticed this:

Content-Length: 950883

That's probably the sum of the overlapping ranges.  My original file is 3929
bytes long.


View raw message